Sandboxie

Discussion in 'sandboxing & virtualization' started by John Bull, Jun 6, 2010.

Thread Status:
Not open for further replies.
  1. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    Just a small point about my personal PC use.

    I do not have any banking, credit card or other financial details entered on my computer. The only personal details are my correct name and address which I must have entered for various normal activity reasons.
    ~Comments removed. See the TOS.~ I do not even have a passport. Have a nice day. My daily alibi for being where I am is watertight and apart from a good giggle, that is all I care about.

    John B
     
    Last edited by a moderator: Jul 7, 2011
  2. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,979
    Location:
    Eastern PA, USA
    It won't stop you from transmitting personal information, if you so choose. The first layer of security lies in the choices you make, whether to participate or not and to what extent.
     
  3. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    If the website is simply a rogue, that's true. That's where reputation-based browser add-ons like WOT can help. If the website is a fraudulent version of a genuine website then Prevx may help. The latter aspect has been discussed in the following thread: https://www.wilderssecurity.com/showthread.php?t=270119
     
  4. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    Do you mean from, let's say, a Facebook account or from my system account [OS]?
     
  5. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,979
    Location:
    Eastern PA, USA
    I mean from anywhere through your internet connection. SBIE will protect your system, with the qualifications already discussed in this thread (needing AV, etc.). My point was that nothing can protect you from making poor choices about what information you decide to provide to social networking sites, such as FB, except your level of awareness and giving the choices sufficient thought.

    So, more in what I take is the original intent of your question, SBIE doesn't care whether you are connected to a malware sharing site or FB or Twitter. It quarantines what enters your system through the sandboxed browser connection and, in that sense, it is equally secure for all three.

    Social networking, on the surface, is supposedly just meant for that: social networking. BUT, as you can find in many other threads at these fora, you take a risk of being "socially engineered" into giving out information to strangers that you wouldn't otherwise give out unless you have an "acceptable level" of control on privacy settings. Even at that, "acceptable" may not be good enough, a topic for another thread. ;)
     
  6. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    Thanks for the information. Well, I was planning to have a FB, Twitter account with fake info, you know.
     
  7. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Heard a rumour that Youtube, Twitter and Facebook might merge.

    The new site will be called "You Twit Face". :ouch:
     
  8. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,417
    Please consider prepending the first syllable of Scroogle.
     
  9. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    All I can construe from this wonderful thread response is that Sandboxie is similar to a personal safe where our possessions are perfectly secure except from the expertise of a professional safe cracker.
    Enter the Pink Panther and Inspector Clouseau with his ever suffering side-kick Kato.

    I'll buy that any day - nothing is perfect, not even Fort Knox.

    Tzuk should be nominated for a Nobel Prize for his ingenious contribution to net surfers' safety.

    John B
     
    Last edited: Jun 22, 2010
  10. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    Sandboxie 1 - Threats 0

    I have only had Sandboxie for 3 weeks having installed it as a result of this thread and thereafter being over the moon with it and not a hiccup in sight.

    I have just had a practical example of how marvelous this program is. During a browse on an innocent subject like car steering locks, up came two panels, one from AVG - Threat detected, blocked by AVG and the other from Firefox. WARNING - dangerous attack site ! I clicked "Get me out of here" and the screen went back to Google.

    This was all in the sandbox and nothing left it. No log entry in AVG virus vault. I just deleted the sandbox (it is deleted on shut down anyway), shut Sandboxie down and did a quick scan. Nothing - all clean.

    Wonderful.
    John B
     
  11. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    This thread has convinced me that for everyday browsing Sandboxie is ideal. Shadow Defender might be more appropriate for heavily invasive applications. As is often the case for the programs I buy, I paid for Sandboxie out of respect to the developer.

    Two questions please (I'm trying to read the online tutorials).

    - How does one create a sandbox for a USB flash drive? (Do you have to plug it in and run it sandboxed? Can one create a sandbox before plugging in the flash drive?)
    - Without an active AV, how can one scan anything before recovering it? (In other words, can one scan something in the sandbox?)

    Thanks in advance for any advice
     
  12. Leach

    Leach Registered Member

    Joined:
    May 5, 2010
    Posts:
    84
    The question is not very clear. If you want to execute something from a flash drive - one possible way is to use Explorer's context menu - "Run sandboxed". You do not need to create an extra sandbox for that purpose.
    Yes, just point to a sandbox folder, usually C:\SandBox. This will scan all the contents of a sandbox.
     
  13. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    It's a good idea to check your AV works within the sandbox. For instance Avira worked fine for me, but Prevx didn't.

    Try the Eicar AV test files in the sandbox. Just to be sure.
     
  14. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    Thanks Leach & Keyboard_Commando.

    When USB flash drives are infected, as soon as you plug them in they transfer the infected object automatically (autorun). Now, I know one can disable the autoplay/autorun, but is there a way to have the USB plugged into a sandbox?
     
  15. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Here is some light reading https://www.wilderssecurity.com/showthread.php?t=253382

    Don't forget that besides the autorun killing regedits for XP you can use Panda USB Vaccine, which does a nice job on your own thumb drives. As well, you can use SRP to deny execution from drive letters possibly assigned to USB devices.

    I have not heard of a way yet to stop the execution of autorun.inf with any means (that is, blocking .inf files does not seem to work). Perhaps someone who uses AppLocker a lot could inform us if it would stop autorun.inf from doing its business.

    Sul.

    EDIT: Sorry, what you are looking for is the ForceFolders setting. This way if you plug it in, and it gets letter z: assigned, you can force it into a particular sandbox.
     
  16. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @Sully

    Hi,

    That's not good :(

    But did you mean generally, or just for new startups ? Because, as I'm sure you know, Autoruns will fit the bill ;)

    How about something like ScriptDefend ? You can include ANY extension for inclusion in blocking/alerting and then allow/deny. I haven't tried it, as it just occurred to me ;) Maybe we would get too many blocks/alerts on boot to be worthwhile ? Just a thought :)
     
  17. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Maybe create a benign autorun.inf in the root of each drive that can't be deleted or overwritten?

    Flash Disinfector can do that.
    AppLocker is mentioned in the link below.

    Flash Disinfector seemed to work ok here on this Win 7 32 bit install.
    Bleeping Computer Discussion
     
  18. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Granted I don't know for sure, but in my tests, the autorun.inf was never a filetype that could be "stopped". For example in SBIE, you could prescribe a block on autorun.inf, and you could not open it (deny it in terms of double click or right click events), but it would "autorun" no matter what type of rule I put in place. The same thing happens in SRP. You can deny execution, but execution exists in a different manner for autorun.inf files.

    I stopped looking for an answer, but it would have been nice to actually stop it whilst still retaining Autoplay (not autorun) in XP. In win7, it is not an issue it seems, so why bother. Ok ok, curiosity on the topic still makes me want to poke around more, but I never was able to find much info on the internal mechanism that makes the magic work. Perhaps revisiting win95 would shed some light, but I don't really feel that ambitious ;)

    Sul.
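
Added example, not part of any post in this thread: a small Python check that reads an autorun.inf as text and lists the entries that would start a program, so the file on a stick can be inspected before anything on it is opened. The sample file content and the function names are constructed for illustration.

```python
import re

# Keys in the [autorun] section that name a program or document to start.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")  # shell\<verb>\command

# Constructed sample, not taken from a real drive.
SAMPLE = """\
; junk line to confuse strict parsers
qwertyuiop
[AutoRun]
OPEN = tools\\setup.exe /quiet
icon=setup.ico
Shell\\Explore\\Command=tools\\setup.exe
[Content]
MusicFiles=false
"""


def launch_entries(text):
    """Return (key, command) pairs found in the [autorun] section.

    Names are matched case-insensitively and lines that are not
    'key=value' are skipped, so padded or malformed files still parse.
    """
    found = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or SHELL_CMD.match(key):
            found.append((key, value))
    return found


def is_inert(text):
    """True when the file defines no launch entry (a benign placeholder)."""
    return not launch_entries(text)


if __name__ == "__main__":
    for key, cmd in launch_entries(SAMPLE):
        print(f"{key}: {cmd}")
```

The check only reads text; it does not decide whether Windows will honour the file, which depends on the autorun policy of the machine the stick is plugged into.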
     
  19. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    Thanks Sully for your feedback. Yes, I think that using Forced Folders is the solution: I first plugged in a USB flash drive, once the letters E:\ F:\ are created, I was able to add them to the Forced Folders settings. Now whenever I plug a USB drive it starts sandboxed (presumably the dreaded autorun.inf would transfer to the sandbox...).

    For these situations, however, I would rather use Shadow Defender as it is a bit more forgiving if one makes stupid mistakes.
     

  20. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    If they are your USB sticks that you will be using you only need to use Panda USB Vaccine on them one time to stop them from being able to autorun. It is other USB sticks that are not yours that will then be the possible contaminants.

    Sul.
     
  21. pidbo

    pidbo Registered Member

    Joined:
    Dec 25, 2006
    Posts:
    198
    Last edited: Jul 2, 2010
  22. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
  23. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
  24. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    A thread from 2006? A lot of rain fallen since then...
     
  25. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    Hi Buster,

    Yep, a lot of rain has fallen since then, BUT are you saying that the problem discussed is now non-existent ? If you are, then where is the follow-up ? I would love to read it.
    The thread seems inconclusive - a cold case file ?

    If a 4-5 year old problem has not been solved, then we have a 6th July 2010 problem.

    John B
     
    Last edited: Jul 6, 2010